Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: expoit for locale format string bug (Solaris 2.x)
From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Fri, 8 Sep 2000 15:24:56 -0700

Ejovi Nuwere <ejovi () EJOVI NET> writes:
Posting broken code to a full discloser mailing list is as lame as
mispelling "exploit" in your subject line. If you do not want people using
your code, don't post it!

It will be a matter of minutes before someone is giving out a working
version on IRC and a day before someone will post a working version to
bugtraq. Its not worth my time to look at code I know to be broken.

On Fri, 8 Sep 2000, Warning3 wrote:

 * Script kiddies: you should modify this code
 * slightly by yourself. :)

Has anyone with a Sun support contract heard if a patch for this is
forthcoming??  As soon as a working version of this exploit is posted,
all administrators of Solaris systems that allow local user logins are going
to be in a world of hurt.

I just installed the latest 2.6_Recommended.tar.Z, dated "Sep  7 02:35", and
it doesn't appear to include a patch for this (though I can't be positive
without a working exploit to try before and after).  Oddly, the latest
Solaris2.6.PatchReport is dated "Sep  1 16:15", prior to the latest
recommended patch cluster, and as you might expect, it doesn't seem to
mention any patches for this either.

I wish Sun would make a response in this forum so its customers (including
the ones without multi-thousand-dollar support contracts) would know what
the time window is for local users being able to easily get root.

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]